Ubuntu
rust-sudo-rs package

Sudo-rs panics executing shell script without execute permission

Bug #2130973 reported by platform34
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
rust-sudo-rs (Ubuntu)
Fix Released
Undecided
Unassigned
Questing
Fix Committed
High
Ghadi Rahme

Bug Description

Thank you @platform34 for the original description!

[Impact]
Currently running sudo-rs on a script with no execute permissions will lead to a crash of the program. This harms scripts which might expect only a permission denied error and handle them gracefully if they arise. The fix has been made available upstream here: https://github.com/trifectatechfoundation/sudo-rs/commit/eeb1ad77237353cbdf53772ca5278cd1dd1aed1b

Ubuntu 26.04 already has the fix but 25.10 is affected.

[Test Plan]
1. Create a new file and make sure it has no execute permissions:
$ touch test.sh
$ ls -l test.sh
-rw-rw-r-- 1 ghadi ghadi 0 Jan 9 18:41 test.sh

2. Run sudo on the file while using sudo-rs and the following error will be shown:

$ sudo ./test.sh
[sudo: authenticate] Password:

thread 'main' panicked at src/exec/use_pty/monitor.rs:283:45:
internal error: entered unreachable code
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
sudo-rs: cannot execute '/path/to/test.sh': Permission denied (os error 13)

The expected behavior is the following output:
$ sudo ./test.sh
sudo-rs: cannot execute '/path/to/test.sh': Permission denied (os error 13)

Where only the permission denied error is printed and sudo does not panic.

[ Where problems could occur ]

* Since the changes touch on how error messages are sent in sudo-rs, it is possible that it might block some errors from properly propagating.

[original description]
My Ubuntu Budgie install was updated to Ubuntu 25.10 last week which replaced sudo with the rust sudo-rs version 0.2.8.

Today I was executing a bash script with sudo and forgot to grant the script execute permission. Not a big problem however the response from sudo-rs was a panic, rather than a gracefully handled error message.

I retested with a very simple script and the panic is 100% reproducible.

Is this the same bug as: https://github.com/trifectatechfoundation/sudo-rs/pull/1298

sudo ./test

#!/bin/bash
sudo apt update

thread ‘main’ panicked at src/exec/use_pty/monitor.rs:283:45:
internal error: entered unreachable code
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
sudo-rs: cannot execute ‘/home/REDACTED/test’: Permission denied (os error 13)

ProblemType: Bug
DistroRelease: Ubuntu 25.10
Package: sudo-rs 0.2.8-1ubuntu5
ProcVersionSignature: Ubuntu 6.17.0-6.6-generic 6.17.1
Uname: Linux 6.17.0-6-generic x86_64
ApportVersion: 2.33.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: Budgie
Date: Sun Nov 9 09:25:14 2025
InstallationDate: Installed on 2025-10-23 (17 days ago)
InstallationMedia: Ubuntu-Budgie 25.04 "Plucky Puffin" - Release amd64 (20250415.2)
ProcEnviron:
 LANG=en_GB.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
SourcePackage: rust-sudo-rs
UpgradeStatus: Upgraded to questing on 2025-11-02 (7 days ago)

See original description
Revision history for this message
platform34 (platform34) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in rust-sudo-rs (Ubuntu):
status: New → Confirmed
Revision history for this message
Ghadi Rahme (ghadi-rahme) wrote :
description: updated
Changed in rust-sudo-rs (Ubuntu Questing):
assignee: nobody → Ghadi Rahme (ghadi-rahme)
importance: Undecided → High
Revision history for this message
Skia (skia) wrote :

@ghadi-rahme
Thanks for providing the debdiff.
Is there a reason not to pick up the test from the original patch?

Revision history for this message
Ghadi Rahme (ghadi-rahme) wrote :

Hello @skia

I haven't included the test because the file where the test is located does not exist on the questing version of sudo-rs and monitor.rs does not contain any unit tests (I was trying to minimize deviation from upstream).

I can implement it in monitor.rs if you think it would be the correct way forward.

Revision history for this message
Skia (skia) wrote :

Ack, it's fine, uploaded:

$ dput ubuntu ../rust-sudo-rs_0.2.8-1ubuntu5.3_source.changes
Uploading rust-sudo-rs using ftp to ubuntu (host: upload.ubuntu.com; directory: /ubuntu)
running suite-mismatch: check the target distribution for common errors
running releasemismatch: Warn about mismatching suffixesg e.g. focal with a XX.YY not being 20.04
running placeholderbug: Stop if using common placeholder numbers as bug reference.
running updatemaintainer: Stop if ubuntu changes are without ubuntu maintainer.
running gpg: check GnuPG signatures before the upload
running supported-distribution: check whether the target distribution is currently supported (using distro-info)
{'allowed': ['release', 'proposed', 'backports', 'security'], 'known': ['release', 'proposed', 'updates', 'backports', 'security']}
running required-fields: check whether a field is present and non-empty in the changes file
running ppaforppaonly: Stop uploads to the archive with or to ppa without ~ppa suffix.
running checksum: verify checksums before uploading
running badauthor: Stop if uploading with root@ or ubuntu@ email adresses.
running check-debs: makes sure the upload contains a binary package
running gitubuntu: Warn if uploading without git-ubuntu Vcs-* entries.
running nobug: Stop if uploading without any bug reference.
Uploading rust-sudo-rs_0.2.8-1ubuntu5.3.dsc
Uploading rust-sudo-rs_0.2.8.orig-rust-vendor.tar.xz
Uploading rust-sudo-rs_0.2.8.orig.tar.gz
Uploading rust-sudo-rs_0.2.8-1ubuntu5.3.debian.tar.xz
Uploading rust-sudo-rs_0.2.8-1ubuntu5.3_source.buildinfo
Uploading rust-sudo-rs_0.2.8-1ubuntu5.3_source.changes

Now as soon as the SRU approves the package and you have it built in -proposed, please remember to come and verify it, and/or have someone else do some verification, so that it doesn't rot in -proposed.

Thanks for working on fixing bugs :-)

Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello platform34, or anyone else affected,

Accepted rust-sudo-rs into questing-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/rust-sudo-rs/0.2.8-1ubuntu5.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-questing to verification-done-questing. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-questing. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in rust-sudo-rs (Ubuntu):
status: Confirmed → Fix Released
Changed in rust-sudo-rs (Ubuntu Questing):
status: New → Fix Committed
tags: added: verification-needed verification-needed-questing
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.